I have a VPS server with Media Temple, running CentOS with Plesk Parallels installed. It has a VPN module which I would ultimately like to configure to allow multiple clients to connect to the VPN server and be able to route all web and local traffic through the VPN server.
This is the server config:
#
# Automatically generated by Plesk VPN module
#
lport 1194
ifconfig 10.yy.xx.1 255.255.255.252
daemon
secret /usr/local/psa/var/modules/vpn/vpn-key
writepid /usr/local/psa/var/modules/vpn/openvpn.pid
mtu-disc yes
comp-lzo
dev tap
float
keepalive 10 60
ping-timer-rem
resolv-retry infinite
push "dhcp-option DNS 10.yy.xx.1"
On the client side I have the following config:
#
# Automatically generated by Plesk VPN module
#
remote xcxcxcx.com
nobind
rport 1194
ifconfig 10.xx.yy.2 255.255.255.252
secret vpn-key
comp-lzo
dev tap
float
keepalive 10 60
ping-timer-rem
resolv-retry infinite
route-gateway 10.xx.yy.1
redirect-gateway
I should mention that although the comments say the files were auto-generated, they've been modified manually since being created.
At the moment I'm able to connect to the VPN server and even ping the gateway 10.xx.yy.1, but when I ping google.com, for instance, it times out. It resolves the domain to an IP correctly, but there doesn't seem to be any data flow. I'm at a complete loss.
Any suggestions?
Answer
Alright, so here's what worked:
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
RETURN all -- 0.0.0.0/0 10.66.77.0/30
SNAT all -- 10.66.77.0/30 0.0.0.0/0 to:72.10.36.151
The second portion works to replace MASQUERADING which is not available in a virtualized container environment. The iptables modules which can be found with lsmod simply aren't loaded by the host.
The two rules used ensure that traffic flows between the VPN subnet and the internet.
Thanks to Irosa for helping out with some fresh ideas.
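As an added example (not part of the original answer), the script below emits the complete rule set the fix above relies on, using the subnet and public address from the answer: it enables forwarding, accepts traffic from the tap interfaces, allows return traffic, and installs the SNAT rule that stands in for MASQUERADE, with a check against the existing POSTROUTING chain so re-running it does not duplicate the rule. The egress interface name eth0, the RELATED,ESTABLISHED return rule and the ip_forward sysctl are assumptions not stated in the answer.

```shell
#!/bin/sh
# Added example, not from the original post. Subnet and public IP are the
# values given in the answer; eth0 as the egress interface is an assumption.
VPN_SUBNET="${VPN_SUBNET:-10.66.77.0/30}"
PUBLIC_IP="${PUBLIC_IP:-72.10.36.151}"
WAN_IF="${WAN_IF:-eth0}"

# Print the commands rather than executing them, so they can be reviewed
# on the VPS before being applied (run with --apply to execute).
vpn_nat_rules() {
    subnet="$1"; pubip="$2"; wan="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -s $subnet -j ACCEPT
iptables -A FORWARD -o tap+ -d $subnet -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $subnet -o $wan -j SNAT --to-source $pubip
EOF
}

# Return 0 when the output of "iptables -t nat -S POSTROUTING" (passed as
# the first argument) already contains our SNAT rule, making the script
# safe to run more than once (MASQUERADE is unavailable in this container,
# so a duplicated SNAT rule is the realistic failure mode to avoid).
snat_rule_present() {
    listing="$1"; subnet="$2"; wan="$3"; pubip="$4"
    printf '%s\n' "$listing" |
        grep -q -- "-A POSTROUTING -s $subnet -o $wan -j SNAT --to-source $pubip"
}

if [ "${1:-}" = "--apply" ]; then
    current="$(iptables -t nat -S POSTROUTING)"
    if snat_rule_present "$current" "$VPN_SUBNET" "$WAN_IF" "$PUBLIC_IP"; then
        echo "SNAT rule for $VPN_SUBNET already present, nothing to do" >&2
    else
        vpn_nat_rules "$VPN_SUBNET" "$PUBLIC_IP" "$WAN_IF" | sh -e
    fi
fi
```

Without --apply the script only prints the commands; compare them against the client's route-gateway and ifconfig lines before applying, since the SNAT source must match the tap subnet the clients actually use.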